package tls

type TLSClientConfig struct {
	// Server should be accessed without verifying the TLS certificate. For testing only.
	Insecure bool `yaml:"insecure,omitempty"                    mapstructure:"insecure,omitempty"`
	// 证书中的域名
	ServerName string `yaml:"serverName,omitempty"                    mapstructure:"serverName,omitempty"`
	// 域名+端口
	SecureHost string `yaml:"secureHost,omitempty"                    mapstructure:"secureHost,omitempty"`
	// Server requires TLS client certificate authentication
	CertFile string `yaml:"certFile,omitempty"                    mapstructure:"certFile,omitempty"`
	// Server requires TLS client certificate authentication
	KeyFile string `yaml:"keyFile,omitempty"                    mapstructure:"keyFile,omitempty"`
	// Trusted root certificates for server
	CAFile string `yaml:"caFile,omitempty"                    mapstructure:"CaFile,omitempty"`

	// CertData holds PEM-encoded bytes (typically read from a client certificate file).
	// CertData takes precedence over CertFile
	CertData []byte `yaml:"-"                    mapstructure:"certData,omitempty"`
	// KeyData holds PEM-encoded bytes (typically read from a client certificate key file).
	// KeyData takes precedence over KeyFile
	KeyData []byte `yaml:"-"                    mapstructure:"keyData,omitempty"`
	// CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
	// CAData takes precedence over CAFile
	CAData     []byte   `yaml:"-"                    mapstructure:"caData,omitempty"`
	NextProtos []string `yaml:"nextProtos,omitempty"                    mapstructure:"nextProtos,omitempty"`
}

func (c TLSClientConfig) HasCA() bool {
	return len(c.CAFile) > 0
}

func (c TLSClientConfig) HasCertAuth() bool {
	return len(c.CertFile) != 0 && len(c.KeyFile) != 0
}
